CVE-2008-3272

2008-08-0818:41:00

CWE-200

[email protected]

web.nvd.nist.gov

cve

2008

3272

snd_seq_oss_synth_make_info

sound subsystem

linux kernel before 2.6.27-rc2

sensitive information

nvd

5.2 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.3%

JSON

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.27
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq4.0
redhat:enterprise_linux_eusredhat enterprise linux euseq4.7
redhat:enterprise_linux_serverredhat enterprise linux servereq4.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq4.0

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.27
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	4.0
redhat:enterprise_linux_eus	redhat enterprise linux eus	eq	4.7
redhat:enterprise_linux_server	redhat enterprise linux server	eq	4.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	4.0